Vulnerabilities

New Vulnerabilities, Latest Software Vulnerabilities, New CVE, Recent Vulnerability, Exploit POCs, Proof Of Concept. Latest Security Vulnerabilities

Windows

Unofficial fix emerges for Windows bug abused to infect home PCs with ransomware

Just your average information security researcher from Delaware US.

A cybersecurity firm has issued another unofficial patch to squash a bug in Windows that Microsoft has yet to fix, with this hole being actively exploited to spread ransomware. Rewind to October 17, and Acros Security released a small binary patch to address a flaw in Microsoft’s Mark-of-the-Web (MotW) feature. This feature is supposed to set a …

Unofficial fix emerges for Windows bug abused to infect home PCs with ransomware Read More »

Cybersecurity

Everything you need to know about the OpenSSL 3.0.7 Patch

Just your average information security researcher from Delaware US.

Vulnerability Details The vulnerability is a buffer overflow in the X.509 certificate verification, which is the code used to validate TLS certificates. The vulnerability could potentially be exploited to allow remote code execution via a malicious TLS certificate; however, it requires that the malicious TLS certificate be signed by a trusted CA. Since certificate verification …

Everything you need to know about the OpenSSL 3.0.7 Patch Read More »

vulnerability

What You Should Know about the New OpenSSL Vulnerability

Just your average information security researcher from Delaware US.

TL;DR: If you use OpenSSL 3.0 or higher, prepare to upgrade to version 3.0.7 as soon as possible. The fix is available from Tuesday, 1 November 2022, between 1300-1700 UTC. On Tuesday, the OpenSSL team announced the release of a new version to address a critical vulnerability in versions 3.0.0 and higher. The new version will be available …

What You Should Know about the New OpenSSL Vulnerability Read More »

vmware

VMware warns of the public availability of CVE-2021-39144 exploit code

Just your average information security researcher from Delaware US.

VMware warned of the availability of a public exploit for a recently addressed critical remote code execution flaw in NSX Data Center for vSphere (NSX-V). VMware NSX is a network virtualization solution that is available in VMware vCenter Server. The remote code execution vulnerability resides in the XStream open-source library. Unauthenticated attackers can exploit the vulnerability …

VMware warns of the public availability of CVE-2021-39144 exploit code Read More »

Zero-day

Critical zero-day bug, first since Heartbleed, identified in OpenSSL

Just your average information security researcher from Delaware US.

OpenSSL has a new “critical” bug. But it’s a secret—until next month. Organizations have five days to prepare for what the OpenSSL Project on Oct. 26 described as a “critical” vulnerability in versions 3.0 and above of the nearly ubiquitously used cryptographic library for encrypting communications on the Internet. On Tuesday, Nov. 1, the project will …

Critical zero-day bug, first since Heartbleed, identified in OpenSSL Read More »

apple

Apple fixes exploited iOS, iPadOS zero-day (CVE-2022-42827)

Just your average information security researcher from Delaware US.

For the ninth time this year, Apple has released fixes for a zero-day vulnerability (CVE-2022-42827) exploited by attackers to compromise iPhones. About CVE-2022-42827 CVE-2022-42827 is an out-of-bounds write issue in the iOS and iPadOS kernel, which can be exploited to allow a malicious application to execute arbitrary code with kernel privileges. “Apple is aware of …

Apple fixes exploited iOS, iPadOS zero-day (CVE-2022-42827) Read More »

vulnerability

VMware bug with 9.8 severity rating exploited to install witch’s brew of malware

Just your average information security researcher from Delaware US.

Hackers have been exploiting a now-patched vulnerability in VMware Workspace ONE Access in campaigns to install various ransomware and cryptocurrency miners, a researcher at security firm Fortinet said on Thursday. CVE-2022-22954 is a remote code-execution vulnerability in VMware Workspace ONE Access that carries a severity rating of 9.8 out of a possible 10. VMware disclosed and …

VMware bug with 9.8 severity rating exploited to install witch’s brew of malware Read More »

Remote code execution

Backdoor.Win32.Psychward.10 MVID-2022-0651 Remote Command Execution

Just your average information security researcher from Delaware US.

Suggest an edit to this article Cybersecurity Knowledge Base Latest Cybersecurity News Cybersecurity Academy Homepage source Stay informed of the latest Cybersecurity trends, threats and developments. Sign up for our Weekly Cybersecurity Newsletter Today. Remember, CyberSecurity Starts With You! Globally, 30,000 websites are hacked daily. 64% of companies worldwide have experienced at least one form of a cyber …

Backdoor.Win32.Psychward.10 MVID-2022-0651 Remote Command Execution Read More »

Remote code execution

WordPress Plugin ImageMagick-Engine 1.7.4 – Remote Code Execution (RCE) (Authenticated)

Connect
Hello! I'm Steve, an independent security researcher, and analyst from Scotland, UK.

I've had an avid interest in Computers, Technology and Security since my early teens. 20 years on, and, it's a whole lot more complicated...

I've assisted Governments, Individuals and Organizations throughout the world. Including; US DOJ, NHS UK, GOV UK.

I'll often reblog infosec-related articles that I find interesting. On the RiSec website, You'll also find a variety of write-ups, tutorials and much more!
RiSec.n0tst3
Connect

A remote code execution (RCE) vulnerability was discovered in WordPress Plugin ImageMagick-Engine by Security Researcher ABDO10 affecting <= 1.7.4. Suggest an edit to this article Cybersecurity Knowledge Base Latest Cybersecurity News Cybersecurity Academy Homepage Stay informed of the latest Cybersecurity trends, threats and developments. Sign up for our Weekly Cybersecurity Newsletter Today. Remember, CyberSecurity Starts …

WordPress Plugin ImageMagick-Engine 1.7.4 – Remote Code Execution (RCE) (Authenticated) Read More »

Reflected-XSS-bugs-in-Canon-Medical-Vitrea-View-could-expose-patient-info

Reflected XSS bugs in Canon Medical ’s Vitrea View could expose patient info

Connect
Hello! I'm Steve, an independent security researcher, and analyst from Scotland, UK.

I've had an avid interest in Computers, Technology and Security since my early teens. 20 years on, and, it's a whole lot more complicated...

I've assisted Governments, Individuals and Organizations throughout the world. Including; US DOJ, NHS UK, GOV UK.

I'll often reblog infosec-related articles that I find interesting. On the RiSec website, You'll also find a variety of write-ups, tutorials and much more!
RiSec.n0tst3
Connect

Trustwave researchers discovered two XSS flaws in Canon Medical’s Vitrea View tool that could expose patient information. During a penetration test, Trustwave Spiderlabs’ researchers discovered two reflected cross-site scripting (XSS) vulnerabilities, collectively as CVE-2022-37461, in third-party software for Canon Medical’s Vitrea View. The Vitrea View tool allows viewing and securely share medical images through the DICOM …

Reflected XSS bugs in Canon Medical ’s Vitrea View could expose patient info Read More »